A Practical and Looming Danger? SHA-1 Collision Attacks

The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.

en flag
fr flag
de flag
pt flag
es flag

SHA-1 Collision Attacks are Now Actually Practical and a Looming Danger

An extract from an article by Catalin Cimpanu published by ZDNet

Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever “chosen-prefix collision attack,” a more practical version of the SHA-1 collision attack first carried out by Google two years ago.

What this means is that SHA-1 collision attacks can now be carried out with custom inputs, and they’re not just accidental mishaps anymore, allowing attackers to target certain files to duplicate and forge.

SHA-1 Collision Attacks

The SHA-1 hashing function was theoretically broken in 2005; however, the first successful collision attack in the real world was carried out in 2017.

Two years ago, academics from Google and CWI produced two files that had the same SHA-1 hash, in the world’s first ever SHA-1 collision attack — known as “SHAttered.”

Cryptographers predicted SHA-1 would be broken in a real-world scenario, but the SHAttered research came three years earlier than they expected, and also cost only $110,000 to execute using cloud-rented computing power, far less than what people thought it might cost.

Read the complete article at SHA-1 Collision Attacks are Now Actually Practical and a Looming Danger


From Collisions to Chose-Prefix Collisions Application to Full SHA-1

An extract and research report by Gaetan Leurant and Thomas Peyrin

This work puts another nail in the SHA-1 coffin, with almost practical chosen-prefix collisions, between five and twenty-six times more expensive than the identical-prefix collisions recently demonstrated. This shows that continued usage of SHA-1 for certificates or for authentication of handshake messages in TLS, SSH or IKE is dangerous, and could already be abused today by a well-motivated adversary. SHA-1 has been broken since 2004, but it is still used in many security systems; we strongly advise users to remove SHA-1 support to avoid downgrade attacks.

More generally, our results show that, for some hash functions, chosen-prefix collision attacks are much easier than previously expected, and potentially not much harder than a normal collision search.

The Complete Report

From Collisions to Chose-Prefix Collisions Application to Full SHA-1

Read the complete PDF


Additional Reading

Source: ComplexDiscovery